Does anybody have tips on how to invalidate a wallet address response if it's intercepted and modified like this?

Off the top of my head, you could include your own checksum in the payload. Their code only modifies the address. Nothing would prevent them from reverse engineering checksum, too.

There are ways to detect a replaced/proxied global window function too, and that's another arms race.